Howard Enos
d5614ce558
AdwCleaner requires both elevated privileges and an interactive desktop session simultaneously -- SYSTEM context is elevated but Session 0 (no desktop), user_session has a desktop but a non-elevated WTS token. Removing for now; will re-add with schtasks InteractiveToken dispatch when that mechanism is implemented. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
126 lines
3.7 KiB
JSON
126 lines
3.7 KiB
JSON
{
|
|
"scanners": [
|
|
{
|
|
"name": "RKill",
|
|
"category": "process-killer",
|
|
"exe": "C:\\GuruScan\\downloads\\rkill.exe",
|
|
"installer_exe": null,
|
|
"installer_args": null,
|
|
"run_update_after_install": false,
|
|
"download_url": "https://download.bleepingcomputer.com/grinler/rkill.exe",
|
|
"manual_download": false,
|
|
"manual_download_note": null,
|
|
"scan_args": ["-s", "-l \"{LOG_ROOT}\\rkill.log\""],
|
|
"clean_args": ["-s", "-l \"{LOG_ROOT}\\rkill.log\""],
|
|
"log_src": "{LOG_ROOT}\\rkill.log",
|
|
"timeout_min": 10,
|
|
"randomize_exe": false,
|
|
"pre_close_processes": [],
|
|
"pre_clean_paths": [],
|
|
"post_clean_paths": [],
|
|
"service_names": [],
|
|
"hitmanpro_trial_reset": false,
|
|
"whitelist_arg": null,
|
|
"wait_on_process": null,
|
|
"session0_compatible": true
|
|
},
|
|
{
|
|
"name": "Emsisoft",
|
|
"category": "antimalware",
|
|
"exe": "C:\\EmsisoftCmd\\a2cmd.exe",
|
|
"installer_exe": "C:\\GuruScan\\downloads\\EmsisoftCommandlineScanner64.exe",
|
|
"installer_args": ["/S"],
|
|
"run_update_after_install": true,
|
|
"download_url": "https://dl.emsisoft.com/EmsisoftCommandlineScanner64.exe",
|
|
"manual_download": false,
|
|
"manual_download_note": null,
|
|
"scan_args": [
|
|
"/f=C:\\",
|
|
"/deep",
|
|
"/rk",
|
|
"/m",
|
|
"/t",
|
|
"/pup",
|
|
"/a",
|
|
"/n",
|
|
"/ac",
|
|
"/d",
|
|
"/wl=\"C:\\GuruScan\\whitelist.txt\"",
|
|
"/la=\"{LOG_ROOT}\\a2cmd_deep_log.txt\""
|
|
],
|
|
"clean_args": [
|
|
"/f=C:\\",
|
|
"/deep",
|
|
"/rk",
|
|
"/m",
|
|
"/t",
|
|
"/c",
|
|
"/pup",
|
|
"/a",
|
|
"/n",
|
|
"/ac",
|
|
"/d",
|
|
"/wl=\"C:\\GuruScan\\whitelist.txt\"",
|
|
"/la=\"{LOG_ROOT}\\a2cmd_deep_log.txt\""
|
|
],
|
|
"log_src": null,
|
|
"timeout_min": 120,
|
|
"randomize_exe": false,
|
|
"pre_close_processes": [],
|
|
"pre_clean_paths": ["C:\\EmsisoftCmd"],
|
|
"post_clean_paths": ["C:\\EmsisoftCmd"],
|
|
"service_names": [],
|
|
"hitmanpro_trial_reset": false,
|
|
"whitelist_arg": "emsisoft",
|
|
"wait_on_process": "a2cmd",
|
|
"session0_compatible": true
|
|
},
|
|
{
|
|
"name": "HitmanPro",
|
|
"category": "antimalware",
|
|
"exe": "C:\\GuruScan\\downloads\\HitmanPro_x64.exe",
|
|
"installer_exe": null,
|
|
"installer_args": null,
|
|
"run_update_after_install": false,
|
|
"download_url": null,
|
|
"manual_download": true,
|
|
"manual_download_note": "Requires a trial/license — download from https://www.hitmanpro.com/en-us/hmp.aspx",
|
|
"scan_args": [
|
|
"/noinstall",
|
|
"/scan",
|
|
"/quiet",
|
|
"/log=\"{LOG_ROOT}\\HitmanPro_Scan_Log.txt\"",
|
|
"/excludelist=\"C:\\GuruScan\\whitelist.txt\""
|
|
],
|
|
"clean_args": [
|
|
"/noinstall",
|
|
"/clean",
|
|
"/quiet",
|
|
"/log=\"{LOG_ROOT}\\HitmanPro_Scan_Log.txt\"",
|
|
"/excludelist=\"C:\\GuruScan\\whitelist.txt\""
|
|
],
|
|
"log_src": null,
|
|
"timeout_min": 60,
|
|
"randomize_exe": false,
|
|
"pre_close_processes": ["chrome", "firefox", "msedge", "brave", "opera", "iexplore", "operagx", "MicrosoftEdge"],
|
|
"pre_clean_paths": [
|
|
"C:\\ProgramData\\HitmanPro",
|
|
"C:\\ProgramData\\HitmanPro.Alert",
|
|
"%LOCALAPPDATA%\\HitmanPro",
|
|
"%LOCALAPPDATA%\\HitmanPro.Alert"
|
|
],
|
|
"post_clean_paths": [
|
|
"C:\\ProgramData\\HitmanPro",
|
|
"C:\\ProgramData\\HitmanPro.Alert",
|
|
"%LOCALAPPDATA%\\HitmanPro",
|
|
"%LOCALAPPDATA%\\HitmanPro.Alert"
|
|
],
|
|
"service_names": [],
|
|
"hitmanpro_trial_reset": true,
|
|
"whitelist_arg": "hitmanpro",
|
|
"wait_on_process": "HitmanPro_x64",
|
|
"session0_compatible": true
|
|
}
|
|
]
|
|
}
|